Chances are you're increasingly letting the online world into your confidence. The amount of personal information shared in blogs and vlogs, resumes, pictures of friends and family, PayPal transactions, Facebook bios, even tweets about what you just had for lunch, marks a collective new level of online over-share. The vast majority of your activity is harmless, safe and downright fun.

But as social networking and modes of communication proliferate, so do opportunities for scammers to glean bank numbers, birth dates, passport information, and even lunch recommendations. And today's identity thieves are getting much more personal. Their approaches use more information specific to you and target you more unobtrusively through new transmission methods.

Spear phishing aims at specific targets
Many recent online scams have played on the fact that we believe the person on the other side of the connection is legit. As opposed to regular phishing attempts, where emails attempting to get personal information are typically distributed en masse, spear phishing is an attack aimed at specific targets.

“We've had a handful of [spear phishing] cases,” says Jay Foley, executive director of the nonprofit Identity Theft Resource Center in San Diego. “One of the most interesting was a high-tech company attack.”

In this particular spear phishing attack, says Foley, somewhere between 200 to 2,000 CEOs received an email claiming to be from the United States District Court in San Diego. The email said that the company was being subpoenaed to testify before a grand jury in San Diego in 48 hours and that more information was contained in an attachment.

Some of the CEOs did what was natural and opened the attachment. But, as Foley explains, “You click on the attachment, and it launches a Trojan horse application that sends out all sorts of information”

Earlier this year, phishers spammed inboxes with messages claiming that there was a problem with the recipients' iTunes account. A link in the email opened a fake iTunes billing update Web page, which asked for a social security number, credit card number with security code, and mother's maiden name.

Similar attacks have been reported by job seekers excited by receiving targeted emails about opportunities for which they are especially well-suited. The excitement turns to suspicion when the fictitious employer asks for unusual information, such as their cell phone carrier or social security number.

Getting to know the bad guys
So who's making the attacks, and where do they come from?

“We know two things about them,” says Foley. “First, they're breathing. Second, they know how to use a computer.” Unfortunately, the anonymous nature of the attacks makes it difficult, if not impossible to find out who is behind them.

But we also know that this new breed of scammer is looking to get rich. The Associated Press reported recently that 27-year-old Michael Tyrone Thomas was arrested in Texas for allegedly stealing a computer file with the names and social security numbers of 1,132 University of California, Irvine students. Thomas was working for an office that handled the health insurance policies for the university's graduate students. According to police, Thomas then filed fake tax returns for 163 students.

What the scams share in common Although it may not be possible to know who carries out these attacks, Foley said that the scams themselves tend to have a few common characteristics:

• A sense of urgency They say that “your account will be frozen in 24 hours” or “unless you do this, the FDIC will freeze your bank account because of irregularities. You have until midnight to respond.”
• Great motivation Wanting to keep your bank account open or to access your downloaded music tempts you to respond.

A lack of practicality This is probably key in detecting scams, which usually don't make a lot of sense. If you receive a court summons, you'll be served in person, not via email. And places such as your bank, eBay, or PayPal already have your credit card number, so they have no need to ask for it again. They also know your name, so no email from a legit online company will begin with “Dear Sir,” “Customer,” or any generic title.

New ways thieves can reach you
You should also be aware of the new means of transmission available that may expose you to thieves.

Many cell phones and smartphones are now connected to the Internet and are just as vulnerable as any computer. So, by extension, are their Bluetooth devices. Keeping personally vigilant while using these devices, including making sure security updates are current, is important.

Wireless transmission offers another increasing threat. If you're using the free Wi-Fi service at the nearest greasy spoon, be wary of sending sensitive material. Thieves have been known to park their cars near free hot spots, gleaning information.

In this new and more social world of online interaction, where your life is online for all to see, and new devices put you out there more conveniently than ever, it can be more difficult to tell the friends from the foes. The best advice is to remember that while it's perfectly safe to share what you had for lunch with the world, there are still a few pieces of personal information best kept personal.

Joshua Cole writes frequently about technology and computing.

next article archive